<?php
include("conn.php");
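// Admin login handler: reads the posted credentials, looks the account up in
// guanli_table_shop and, when the account is enabled, fills the session and
// redirects to main.php. OutErrorBack(), GoLink() and the Mysql class are not
// defined in this file; presumably they come from conn.php.

// Accept only plain string fields. A missing field or an array-valued one
// (admin_ming[]=x) is treated as empty instead of raising a notice or being
// cast to the string "Array".
$admin_ming = (isset($_POST["admin_ming"]) && is_string($_POST["admin_ming"])) ? $_POST["admin_ming"] : "";
$admin_mima = (isset($_POST["admin_mima"]) && is_string($_POST["admin_mima"])) ? $_POST["admin_mima"] : "";

// Strip quote characters from the password. These two replacements are not a
// SQL defence: only the hex digest of the password reaches the query. The
// second call removes the two-character sequence /" (not a lone double quote).
// Both are kept unchanged so the digest computed below stays the same as
// before; presumably the code that stores passwords applies the same
// replacements (verify before altering them).
$admin_mima = str_replace("'","",$admin_mima);
$admin_mima = str_replace('/"',"",$admin_mima);

if ($admin_ming === "" || $admin_mima === "")
{
	OutErrorBack("用户名和密码必须填写！");
	exit;
}

// The user name is concatenated into the SQL string below, so it must not be
// able to end or escape the quoted literal. Names containing a single quote or
// a backslash are refused with the generic credential error.
// NOTE(review): this is a stopgap. The proper fix is a parameterized query,
// which needs support in the Mysql wrapper (not visible here). If the
// connection uses a multi-byte charset such as GBK, some legitimate characters
// contain a 0x5C byte and would be refused by this check; confirm the charset.
if (strpbrk($admin_ming, "'\\") !== false)
{
	OutErrorBack("对不起，用户名或密码错误！");
	exit;
}

$conn = new Mysql();
// NOTE(review): the stored credential is a 16-character slice of an unsalted
// MD5 digest. That is weak password storage; moving to password_hash() /
// password_verify() needs a schema and data migration outside this file.
$sql = "select * from guanli_table_shop where guanli_name='".$admin_ming."' and guanli_mima='".substr(md5($admin_mima),8,16)."'";
$res = $conn->query($sql);
if ($res) {
	$rs = $conn->getRow($sql);
	// Presumably query() is truthy for a SELECT that matches no rows (the
	// wrapper is not visible here). Without this check a wrong user name or
	// password fell through to the "account disabled" message below.
	if (empty($rs)) {
		OutErrorBack("对不起，用户名或密码错误！");
		exit;
	}
	if ($rs["isstate"] == 1) {
		// Issue a fresh session id on login so an id set before
		// authentication is not carried into the authenticated session.
		// Only done when a session is already active (session_start() is not
		// called in this file) and headers can still be sent.
		if (session_id() !== "" && !headers_sent()) {
			session_regenerate_id(true);
		}
		$_SESSION["useradmin"] = $admin_ming;
		$_SESSION["usertype"] = $rs["guanli_gltype"];
		$_SESSION["Uname"] = $rs["guanli_uname"];
		// NOTE(review): this keeps the password digest in the session. It is
		// retained because other pages may read it; remove it if nothing does.
		$_SESSION["pwd"] = $rs["guanli_mima"];
		$_SESSION["AID"] = $rs["id"];
		GoLink("main.php");
	} else {
		OutErrorBack("对不起，账户已被停用，请联系管理员！");
		exit;
	}
} else {
	OutErrorBack("对不起，用户名或密码错误！");
}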

?>